View Full Version : xinetd boot/shutdown messages - I'm lost ! (resolved)



Cuddles
02-12-2004, 04:28 PM
Ok, from what I heard, I needed to install inetd to get xchat running - because xchat would "never" connect to any irc's that I gave it - upon checking apt-cache - I could only find xinetd - so I installed it...

Now, xchat works fine, but when I boot and shutdown, I get about 15 to 20 of these (repeated single messages)

IMPORTANT INFORMATION FOR XINETD USERS
-------------------------------------------------------------
The following line will be added to your /etc/inetd.conf file:

#<off># ftps stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -nocert -addr 127.0.0.1 -port ###

If you are indeed using xinetd you will need to convert the
above into /etc/xinetd.conf format, and add it manually. See
/usr/share/doc/xinetd/README.Debian for more information
--------------------------------------------------------------------------

This message repeats for about 15 to 20 times, both on boot and shutdown, but each message has a different port ###

Anyone ever work with XInetd? What in the world does it need me to do this for? Why do I need to do it? The port numbers have been omitted for security reasons (I guess), these messages do not show up when doing a dmesg, nor can I find a log file that contains these messages, just the boot screen and shutdown screens. By adding these ports to where it says, won't that allow security holes? When I looked in the inetd.conf file, I found the entries it said it was adding, but at the top of the file - it states by placing a # in front of the line, it comments it out - if this is the case, why do I need to add a comment to a file? Am I wrong?

Help -=- Please -=- Anyone...
Hopelessly Lost,
Cuddles
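
An added example, not part of the original thread: a shell audit of an inetd.conf-style file that separates services inetd will actually listen for from entries carrying the `#<off>#` prefix, which Debian's update-inetd uses to record a disabled service. The sample file is constructed for illustration (the `###` port is kept as elided in the post above), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: classify service lines in an inetd.conf-style file.
#   enabled - no leading '#': inetd opens a listening socket for it
#   off     - '#<off>#' prefix: entry is recorded but disabled, nothing listens
# Ordinary '#' comments and blank lines are ignored.

audit_inetd_conf() {
    awk '
        { state = "enabled" }
        /^#<off>#/ { sub(/^#<off>#[ \t]*/, ""); state = "off" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF >= 6 {
            # Fields: service socktype proto wait user server [args...]
            # When the server is the tcpd wrapper, the real daemon is field 7.
            server = ($6 ~ /\/tcpd$/ && NF >= 7) ? $7 : $6
            print state, $1, $3, server
        }
    ' "$1"
}

# Number of services that are really exposed by inetd.
count_enabled() {
    audit_inetd_conf "$1" | awk '$1 == "enabled" { n++ } END { print n + 0 }'
}

# Constructed sample input, not taken from a real system.
sample_inetd_conf() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
#<off># ftps stream tcp nowait sslwrap.sslwrap /usr/sbin/tcpd /usr/sbin/sslwrap -nocert -addr 127.0.0.1 -port ###
ident stream tcp wait identd /usr/sbin/identd identd
#<off># time stream tcp nowait root internal
EOF
}

tmp=$(mktemp)
sample_inetd_conf > "$tmp"
audit_inetd_conf "$tmp"
echo "enabled services: $(count_enabled "$tmp")"
rm -f "$tmp"
```

On a real system, pass `/etc/inetd.conf` to `audit_inetd_conf`; only the lines reported as `enabled` correspond to sockets inetd opens.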

Stephen
02-12-2004, 06:46 PM
That is a firewall problem, not a need for xinetd. You need to tell your firewalling program to NAT the IRC connections and it will work without the xinetd; there should be an option you can set somewhere. I have no problems with Xchat and I do not have the xinetd installed on either my box or my firewall/router machine; I just had to set the above mentioned option in my script.


HappyTux:/home/stephen# acp xinetd
xinetd:
Installed: (none)
Candidate: 1:2.3.12-2
Version Table:
1:2.3.12-2 0
990 http://ftp2.de.debian.org testing/main Packages
600 http://ftp2.de.debian.org unstable/main Packages
1:2.3.4-1.2 0
500 http://security.debian.org stable/updates/main Packages
500 http://ftp2.de.debian.org stable/main Packages
HappyTux:/home/stephen# acp xchat
xchat:
Installed: 2.0.5-3
Candidate: 2.0.5-3
Version Table:
2.0.7-1 0
600 http://ftp2.de.debian.org unstable/main Packages
*** 2.0.5-3 0
990 http://ftp2.de.debian.org testing/main Packages
100 /var/lib/dpkg/status
1.8.9-0woody2 0
500 http://security.debian.org stable/updates/main Packages
500 http://ftp2.de.debian.org stable/main Packages

Last login: Tue Feb 10 16:35:59 2004 from happytux
stephen@SleepyTux:~$ su
Password:
SleepyTux:/home/stephen# apt-cache policy xinetd
xinetd:
Installed: (none)
Candidate: 1:2.3.4-1.2
Version Table:
1:2.3.4-1.2 0
500 http://security.debian.org stable/updates/main Packages
500 http://ftp.de.debian.org stable/main Packages

Cuddles
02-13-2004, 04:25 AM
Firewall = GuardDog, and IRC is already allowed, are you also saying I should locate NAT and do the same Stephen?

Thanks,
Cuddles

Stephen
02-13-2004, 05:13 AM
> Firewall = GuardDog, and IRC is already allowed, are you also saying I should locate NAT and do the same Stephen?
>
> Thanks,
> Cuddles

Sorry, poor choice of words. I was thinking of the ip_conntrack_irc module that needs to be loaded for the IRC, not NAT; there is also an ip_nat_irc as well that I believe has to be loaded when using the NAT. I used to use Guarddog and never had problems, so have you checked to make sure that module gets loaded?

Cuddles
02-13-2004, 02:56 PM
> > Firewall = GuardDog, and IRC is already allowed, are you also saying I should locate NAT and do the same Stephen?
> >
> > Thanks,
> > Cuddles
>
> Sorry, poor choice of words. I was thinking of the ip_conntrack_irc module that needs to be loaded for the IRC, not NAT; there is also an ip_nat_irc as well that I believe has to be loaded when using the NAT. I used to use Guarddog and never had problems, so have you checked to make sure that module gets loaded?

Ok, I am getting confused...

Check what? ip_conntrack_irc, or ip_nat_irc, or is this a reference to something in GuardDog?

Whatever I am supposed to check that is getting loaded, how do I do that? If I am installing something, what? You mention three things, and loading - GuardDog needs to load what? ip_conntrack_irc "module" is loaded how? ip_nat_irc is loaded how?

From your statement, here and previous, the assumption I am under is, xinetd is not needed, is it to be removed from running in SysV, and since inetd was loading in SysV, should I replace it back?

I'm learning here Stephen, I can do a few things, minor things, but this was all done because someone said I needed inetd for xchat, which I couldn't locate, so I found xinetd, which "appeared" to be a "x" of inetd, which someone said was needed - since installing it, I got these messages now. I am getting frustrated, and very confused at all of this. I just wanted xchat to work, now it does, but with all those boot/shutdown messages. Can I get something to work without something else going "funny", or wrong, or start spewing out messages that I don't know what to do about?

Can you explain what I need to do, in "smaller", easier "digestible" words, or sentences? Consider I never did this, don't know what to do, nor how to do it. If it's something in GuardDog, I can locate it and select it to accept it, but other than that, I need a walk-through.

Thanks,
Cuddles

Stephen
02-13-2004, 05:51 PM
Those are modules for IPtables that can be loaded when Guarddog is running; the ip_conntrack_irc is IP connection tracking for IRC, which is what allows you to use IRC without problems when using a firewall. Here is what the modules look like on my firewall/router:


Last login: Fri Feb 13 00:02:28 2004 from happytux
stephen@SleepyTux:~$ su
Password:
SleepyTux:/home/stephen# lsmod
Module Size Used by Not tainted
ipt_TOS 1080 34 (autoclean)
ipt_MASQUERADE 1304 1 (autoclean)
ipt_LOG 3288 141 (autoclean)
ipt_TCPMSS 2424 3 (autoclean)
ipt_tos 440 0 (unused)
iptable_mangle 2192 1
ip_nat_ftp 2832 0 (unused)
ipt_tcpmss 984 0 (unused)
ip_nat_irc 2256 0 (unused)
iptable_nat 15096 10 [ipt_MASQUERADE ip_nat_ftp ip_nat_irc]
ip_conntrack_irc 3056 8
iptable_filter 1668 1
ipt_multiport 632 0 (unused)
ip_conntrack_ftp 3728 1
ipt_state 568 175
ip_conntrack 17992 11 [ipt_MASQUERADE ip_nat_ftp ip_nat_irc iptable_nat ip_conntrack_irc ip_conntrack_ftp ipt_state]
ipt_limit 952 144
ip_tables 11096 14 [ipt_TOS ipt_MASQUERADE ipt_LOG ipt_TCPMSS ipt_tos iptable_mangle ipt_tcpmss iptable_nat iptable_filter ipt_multiport ipt_state ipt_limit]
msr 1128 0 (unused)
cpuid 936 0 (unused)
apm 8896 0 (unused)
parport_pc 25032 0
parport 24608 0 [parport_pc]
keybdev 1696 0 (unused)
input 3296 0 [keybdev]


So you need to check the modules that are loaded when the firewall is running to see if it does not get loaded which would cause the problem when you are not using the xinetd.

I just checked the FAQ (http://www.simonzone.com/software/guarddog/manual2/faq.html) on the Guarddog (http://www.simonzone.com/software/guarddog) site and it appears you are talking about ident, not xinetd, that was causing you the problem. From the FAQ:

> 4.3. Why are my FTP/Mail/IRC connections slow?
>
> Many mail and IRC servers, when connected to, use the "ident" protocol to try to find out the owner of the incoming connection, and don't respond to the incoming connection until they have tried "ident". This problem shows up, for example, as delays when connecting to mail servers. The connection will be made with the mail server, but there will be a noticeable delay before any mail is retrieved. This is because the server tries to make an "ident" connection back, but has to wait and time out before realising that it won't work. The solution is to just make sure that "ident" is being rejected for connections coming from the zone containing the mail server.

So it looks like you need to reject ident the protocol.

nmcphillips
02-13-2004, 06:24 PM
Don't feel bad Cuddles, I can't even install screen savers.

Cuddles
02-13-2004, 06:40 PM
nmcphillips, I can do that :!: (Cuddles is feeling a little better now, thanks :D)

Stephen,
Ok, I got ident/auth in GuardDog set to accept - both on internet, and local now...
I also did a lsmod, and I have the stuff you posted running (displayed) on my screen too

But, I still get those durn messages from xinetd on boot and shutdown...

Considering I don't need xinetd, I was thinking I was just going to delete xinetd from being fired off inside SysV - but I did have inetd running before - I removed them, and left the xinetd setup - Can't I just stop xinetd from running? (since it seems to be the problem issue here?)

Problem is, I don't recall where inetd was in the order of start-up and shutdown numbers (priorities or something) - and when I tried to add inetd into one of the levels, it yelled about its priority number not being known, and can't place it correctly - when I looked at the properties of "inetd" - its priority number is set to 0 (zero)

I think I need inetd (this is the correct spelling, and process), or I need to know what I need to do for xinetd... So, do I put back inetd, and if so, where does it go? Or, if I just use xinetd, what do I need to do to get rid of these pesky messages?

Thanks Stephen for all your work on this, it really helps a newb :D
Cuddles

Stephen
02-13-2004, 07:18 PM
It was at /etc/rc[2-5].d/S20inetd and links to the file /etc/init.d/inetd.



HappyTux:/home/stephen# ll /etc/rc1.d/S20inetd
ls: /etc/rc1.d/S20inetd: No such file or directory
HappyTux:/home/stephen# ll /etc/rc2.d/S20inetd
lrwxrwxrwx 1 root root 15 2003-12-27 11:12 /etc/rc2.d/S20inetd -> ../init.d/inetd
HappyTux:/home/stephen# ll /etc/rc3.d/S20inetd
lrwxrwxrwx 1 root root 15 2003-12-27 11:12 /etc/rc3.d/S20inetd -> ../init.d/inetd
HappyTux:/home/stephen# ll /etc/rc4.d/S20inetd
lrwxrwxrwx 1 root root 15 2003-12-27 11:12 /etc/rc4.d/S20inetd -> ../init.d/inetd
HappyTux:/home/stephen# ll /etc/rc5.d/S20inetd
lrwxrwxrwx 1 root root 15 2003-12-27 11:12 /etc/rc5.d/S20inetd -> ../init.d/inetd
HappyTux:/home/stephen# ll /etc/rc6.d/S20inetd
ls: /etc/rc6.d/S20inetd: No such file or directory


It looks like it is part of the netkit-inetd package so if recreating the links does not work you may want to apt-get --reinstall install netkit-inetd.


HappyTux:/home/stephen# dpkg -S inetd
netkit-inetd: /etc/init.d/inetd
kernel-headers-2.4.23.031202: /usr/src/kernel-headers-2.4.23.031202/include/linux/inetdevice.h
netkit-inetd: /usr/sbin/inetd
linux-kernel-headers: /usr/include/linux/inetdevice.h
kernel-headers-2.4.24.040105: /usr/src/kernel-headers-2.4.24.040105/include/linux/inetdevice.h
netkit-inetd: /usr/share/doc/netkit-inetd
netkit-inetd: /usr/share/man/man8/inetd.8.gz
netkit-inetd: /usr/share/man/man5/inetd.conf.5.gz
netkit-inetd: /usr/share/doc/netkit-inetd/copyright
libnet-ssleay-perl: /usr/share/doc/libnet-ssleay-perl/examples/ssl-inetd-serv.pl
netkit-inetd: /usr/share/doc/netkit-inetd/changelog.gz
netbase: /usr/share/man/man8/update-inetd.8.gz
netkit-inetd: /usr/share/doc/netkit-inetd/BUGS
netbase: /usr/sbin/update-inetd
netkit-inetd: /etc/cron.daily/netkit-inetd
netkit-inetd: /usr/share/doc/netkit-inetd/changelog.Debian.gz
dictd: /usr/share/doc/dictd/README.inetd.gz
netkit-inetd: /usr/share/doc/netkit-inetd/README
kernel-headers-2.6.2: /usr/src/kernel-headers-2.6.2/include/linux/inetdevice.h

Cuddles
02-13-2004, 11:58 PM
Stephen you are a God-Send :!:

I checked my links, they were definitely messed up, so I opted for the reinstall option.

After reinstalling, I rebooted - the messages still showed up, so I went into SysV and found that xinetd was still starting up, as well as inetd - which I wanted. So, I removed xinetd from starting up within SysV. Did another reboot, no luck, still the messages - finally, got the hint, purge remove xinetd, did another reboot.

The messages are gone :!: - my xchat works perfectly - Mozilla works perfectly - KMail works perfectly - and GuardDog is still in defend mode :!:

Thanks millions Stephen, I _seriously_ appreciate all the help on this,
Cuddles